Summary: ASTERISK-00877: app_festival, possible to exceed string length in code MD5Hex
Reporter: woofie (woofie)
Labels:
Date Opened: 2004-01-19 10:01:41.000-0600
Date Closed: 2008-01-15 14:42:00.000-0600
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description:

MD5Hex string variable (line 266) allocates 32 bytes. Routine starting line 353 can (not always) concatenate 2 bytes to array 16 times. If string is full 32 bytes, no room for final null. Recommend MD5Hex at least 33 bytes.

Null overwrite could cause undetermined behavior.

New to Asterisk and bug fix process. Apologize for no diff patch on this, but thought info would be good anyways.
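
The sizing problem described in this report, as an added example that is not part of the original report and is not Asterisk's code: a bounded hex encoder that refuses to write when the digest string plus its terminating NUL does not fit. The helper name `digest_to_hex`, the `pad` flag and the sample digests are hypothetical, and the use of a variable-width `%X` conversion to show why the overflow happens only for some digests is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 16                        /* MD5 digest size in bytes */
#define DIGEST_HEX_SIZE (2 * DIGEST_LEN + 1) /* 32 hex chars + NUL = 33 */

/* Hypothetical helper (not Asterisk code): hex-encode n digest bytes into
 * out[out_size]. pad=0 uses "%X" (1 or 2 chars per byte), pad=1 uses "%02X".
 * Returns the string length, or -1 if the result plus its NUL does not fit.
 * It never writes past out_size. */
static int digest_to_hex(const unsigned char *digest, size_t n,
                         char *out, size_t out_size, int pad)
{
    size_t used = 0;

    if (out_size == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t room = out_size - used;    /* bytes left, including the NUL */
        int w = pad ? snprintf(out + used, room, "%02X", (unsigned)digest[i])
                    : snprintf(out + used, room, "%X", (unsigned)digest[i]);
        if (w < 0 || (size_t)w >= room) { /* would truncate: refuse */
            out[0] = '\0';
            return -1;
        }
        used += (size_t)w;
    }
    return (int)used;
}

int main(void)
{
    unsigned char high[DIGEST_LEN], low[DIGEST_LEN]; /* constructed digests */
    char too_small[32], fixed[DIGEST_HEX_SIZE];

    memset(high, 0xAB, sizeof(high)); /* every byte formats as 2 chars */
    memset(low, 0x05, sizeof(low));   /* every byte formats as 1 char with %X */

    printf("32-byte buffer, 2-char bytes: %d\n",
           digest_to_hex(high, DIGEST_LEN, too_small, sizeof(too_small), 0));
    printf("32-byte buffer, 1-char bytes: %d\n",
           digest_to_hex(low, DIGEST_LEN, too_small, sizeof(too_small), 0));
    printf("33-byte buffer, 2-char bytes: %d (%s)\n",
           digest_to_hex(high, DIGEST_LEN, fixed, sizeof(fixed), 1), fixed);
    return 0;
}
```
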
Comments:

By: Brian West (bkw918) 2004-01-19 12:28:58.000-0600

attach a patch for that please. :)

By: woofie (woofie) 2004-01-20 23:01:44.000-0600

will do.

By: Mark Spencer (markster) 2004-01-22 15:56:32.000-0600

Fixed in CVS

By: Digium Subversion (svnbot) 2008-01-15 14:42:00.000-0600

Repository: asterisk
Revision: 2060

U   trunk/apps/app_festival.c

------------------------------------------------------------------------
r2060 | markster | 2008-01-15 14:41:59 -0600 (Tue, 15 Jan 2008) | 2 lines

Fix MD5Hex size (bug ASTERISK-877)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=2060